Dixons Carphone reveals data breach affecting 5.9 million customers

Daniel Fowler
June 14, 2018

If there is a serious breach of your personal data that is likely to result in a high risk to your rights and freedoms, in most circumstances the company is obligated under GDPR to tell you without undue delay.

Millions of Dixons Carphone customers have had their financial and personal data illegally accessed after a major breach at the United Kingdom company.

Dixons Carphone has revealed it has been hit by a huge data breach.

The breach appears to have taken place "in one of the processing systems of Currys PC World and Dixons Travel stores", the company said.

The personal data records accessed contained non-financial personal data, such as name, address or email address, but there was no evidence of fraud here either.

These figures make it one of the largest data breaches involving a United Kingdom company, emerging just weeks after the GDPR data-protection legislation came into effect.

While the breach took place last July, Dixons Carphone only realised that it had occurred in the last week and the notification delay of nearly a year was not a case of the firm covering up the fact, allegedly. Pretax profit will drop to about 300 million pounds in the year ending April 2019, Dixons Carphone said.

Lesbian Couple Says They Were Kicked From Uber Over a 'Peck'
Hendrick said that the driver had reported the incident as well. "This goes to show that it can happen anywhere". The women say that the driver soon pulled over, opened the doors, and said, "You should not do that".

They claim stolen data is not believed to have left internal systems, but are advising customers to take protective steps anyway.

Dixons Carphone has informed the relevant authorities, including the Information Commissioner's Office and Financial Conduct Authority, but stresses that 5.8 million card details are still protected by Chip-and-PIN systems.

Pin codes, card verification values (CVV), and authentication data enabling holder identification or purchases were not stored in the data.

The company said that of the cards not secured with chip and pin, none were reported to have been misused, the rest of the cards should be secure. "We have no evidence of any fraud on these cards as a result of this incident".

In a statement about the breach, Dixons Carphone chief executive, Alex Baldock, said: "We are extremely disappointed and sorry for any upset this may cause". Again, Dixons said there was no evidence that it had resulted in any fraud.

The ICO has the power to fine Dixons Carphone, as it did in January when it issued a £400,000 penalty over a separate breach.

The breach was now being investigated by police, it said, while regulators had also been informed.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER